Metadefender

metadefender

Vendor: Opswat • 4 CVEs

CVEs (4)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2022-40778 1Opswat 1Metadefender Nov 21, 2024 Sep 19, 2022 N/A· v4 5.4 MEDIUM· v3 N/A· v2 A stored Cross-Site Scripting (XSS) vulnerability in OPSWAT MetaDefender ICAP Server before 4.13.0 allows attackers to execute arbitrary JavaScript or HTML because of the blocked page response.
CVE-2022-32272 1Opswat 1Metadefender Nov 21, 2024 Jun 9, 2022 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 OPSWAT MetaDefender Core before 5.1.2, MetaDefender ICAP before 4.12.1, and MetaDefender Email Gateway Security before 5.6.1 have incorrect access control, resulting in privilege escalation.
CVE-2022-32273 1Opswat 1Metadefender Nov 21, 2024 Jun 8, 2022 N/A· v4 4.3 MEDIUM· v3 4.0 MEDIUM· v2 As a result of an observable discrepancy in returned messages, OPSWAT MetaDefender Core (MDCore) before 5.1.2 could allow an authenticated user to enumerate filenames on the server.
CVE-2018-16275 1Opswat 1Metadefender Nov 21, 2024 Aug 31, 2018 N/A· v4 7.8 HIGH· v3 6.8 MEDIUM· v2 OPSWAT MetaDefender before v4.11.2 allows CSV injection.